b'Annual Report, \xe2\x80\x9cFederal Information Security Management Act: Fiscal Year 2007 Report\nfrom the Office of Inspector General\xe2\x80\x9d (IG-07-034, September 28, 2007)\n\nThis annual report, submitted as a memorandum from the Inspector General to the NASA\nAdministrator, provides the Office of Management and Budget (OMB) with our\nindependent assessment of NASA\xe2\x80\x99s information technology (IT) security posture. We\nnoted that NASA identified its IT security program as a material weakness reportable in\naccordance with the Federal Managers\xe2\x80\x99 Financial Integrity Act. NASA\xe2\x80\x99s IT security\nprogram will remain as a material weakness until IT security weaknesses, identified\nduring this fiscal year and in previous years, are mitigated.\n\nIn January 2007, the Agency completed a comprehensive security review of NASA IT\nsystems. The review (1) assessed Headquarters and Center implementation of existing\nNASA policy requirements; (2) evaluated the effectiveness of the Agency\xe2\x80\x99s IT security\norganizational structure; (3) verified the accuracy of IT security incident and status\nreports; and (4) evaluated the effectiveness of policy enforcement efforts. The review\nresulted in recommendations that the NASA Office of the Chief Information Officer\n(OCIO) is aggressively addressing, in accordance with its March 23, 2007, corrective\naction plan. We commend the OCIO for these efforts; nonetheless, significant challenges\nremain.\n\nThe OMB\xe2\x80\x99s FY 2007 Report to Congress on Implementation of The Federal Information\nSecurity Management Act of 2002 includes information provided by our report. However,\nas an \xe2\x80\x9cIntra-Agency Memorandum,\xe2\x80\x9d our report is considered exempt from release under\nthe Freedom of Information Act (FOIA); it also contains NASA Information Technology/\nInternal Systems Data that is not routinely released under FOIA. To submit a FOIA\nrequest, see the online guide.\n\x0c'